Lucene search

IcscertCVE-2013-2796

HistoryAug 09, 2013 - 11:55 p.m.

CVE-2013-2796

2013-08-0923:55:02

CWE-264

icscert

web.nvd.nist.gov

cve-2013-2796

schneider electric

vijeo citect

citectscada

powerlogic scada

remote attack

arbitrary file read

http request

denial of service

xml external entity

xxe

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

66.4%

JSON

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

Nvd

Node

schneider-electriccitectscadaRange≤7.20

schneider-electriccitectscadaMatch7.10

schneider-electricpowerlogic_scadaRange≤7.20

schneider-electricpowerlogic_scadaMatch7.10

schneider-electricvijeo_citectRange≤7.20

schneider-electricvijeo_citectMatch7.10

VendorProductVersionCPE
schneider-electriccitectscada*cpe:2.3:a:schneider-electric:citectscada:*:*:*:*:*:*:*:*
schneider-electriccitectscada7.10cpe:2.3:a:schneider-electric:citectscada:7.10:*:*:*:*:*:*:*
schneider-electricpowerlogic_scada*cpe:2.3:a:schneider-electric:powerlogic_scada:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_scada7.10cpe:2.3:a:schneider-electric:powerlogic_scada:7.10:*:*:*:*:*:*:*
schneider-electricvijeo_citect*cpe:2.3:a:schneider-electric:vijeo_citect:*:*:*:*:*:*:*:*
schneider-electricvijeo_citect7.10cpe:2.3:a:schneider-electric:vijeo_citect:7.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	citectscada	*	cpe:2.3:a:schneider-electric:citectscada::::::::
schneider-electric	citectscada	7.10	cpe:2.3:a:schneider-electric:citectscada:7.10:::::::*
schneider-electric	powerlogic_scada	*	cpe:2.3:a:schneider-electric:powerlogic_scada::::::::
schneider-electric	powerlogic_scada	7.10	cpe:2.3:a:schneider-electric:powerlogic_scada:7.10:::::::*
schneider-electric	vijeo_citect	*	cpe:2.3:a:schneider-electric:vijeo_citect::::::::
schneider-electric	vijeo_citect	7.10	cpe:2.3:a:schneider-electric:vijeo_citect:7.10:::::::*

References

ics-cert.us-cert.gov/advisories/ICSA-13-217-02

www.citect.schneider-electric.com/cs-HF720SP459363

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

66.4%

JSON

Related for CVE-2013-2796